Acceptable LDAP solutions
Dan Nelson
dnelson at allantgroup.com
Mon May 19 16:10:57 PDT 2003
In the last episode (May 19), Gordon Tetlow said:
> On Mon, May 19, 2003 at 03:10:13PM -0500, Shawn Debnath wrote:
> > Looks like LDAP uses plain old crypt(), and I am forced into using
> > that b/c of the setup here. Time to make sure the LDAP server is
> > secure at least. Thanks for your help Gordon.
>
> You should at least be able to use MD5:
>
> dn: cn=Joe L. User,ou=people,dc=example,dc=com
> objectClass: posixAccount
> cn: Joe L. User
> uid: joeluser
> uidNumber: 1000
> gidNumber: 1000
> homeDirectory: /home/joeluser
> userPassword: {MD5}<standard md5 password hash>
I can authenticate to a Netware 6 LDAP server, and it doesn't give you
a password hash at all. I'm using pam_ldap from ports, and my uri is
an ldaps:// address, which apparently forces pam_ldap to do SSL
authentication with the supplied username and password.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-current
mailing list